Msploitego - Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database.

Requirements

Python 2.7

Has only been tested on Kali Linux

software installations:

Metasploit

nmap

enum4linux

smtp-check

nikto

Installation

checkout and update the transform path inside Maltego

In Maltego import config from msploitego/src/msploitego/resources/maltego/msploitego.mtz

General Use

Using exported Metasploit xml file

run a db_nmap scan in metatasploit, or import a previous scan

msf> db_nmap -vvvv -T5 -A -sS -ST -Pn

msf> db_import /path/to/your/nmapfile.xml

export the database to an xml file

msf> db_export -f xml /path/to/your/output.xml

In Maltego drag a MetasploitDBXML entity onto the graph.

Update the entity with the path to your metasploit database file.

run the MetasploitDB transform to enumerate hosts.

from there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DB